SitePoint Sponsor

User Tag List

Results 1 to 6 of 6
  1. #1
    SitePoint Wizard wheeler's Avatar
    Join Date
    Mar 2006
    Location
    Gold Coast, Australia
    Posts
    1,369
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Exclamation use of HTTP_REFERER in login redirect

    hello all,

    i'm trying to do something seemingly simple but it just wont work. essentially I have a page requiring login, with this:
    PHP Code:
    require('./includes/config.inc.php');
    $page $_SERVER['HTTP_REFERER'];
    #// If user is not logged in redirect to login page
    if(!isset($HTTP_SESSION_VARS["LOGGED_IN"])) {
            
    header("Location: user_login.php?goto=".$page);
        exit;
    }

        include 
    "header.php";
            include 
    "templates/template_test.php";
        include 
    "footer.php";
        exit; 
    The problem is for starters its ignoring the $page, and taking me to user_login.php?goto=
    I basically want to end up on user_login.php?goto=(intended URL) then use a
    PHP Code:
     Header("Location: $_GET['goto']"); 
    What am I doing wrong? my php knowledge is basic at best, so i've probably made some blindingly obvious oversight...right?
    Last edited by wheeler; Apr 30, 2006 at 02:56.

  2. #2
    SitePoint Wizard silver trophy
    Join Date
    Mar 2006
    Posts
    6,132
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    likely your problem is the browser is not sending the referer header.
    this header is optional, and the browser does not have to send it. if it doesnt send it, that variable will be empty.

    you really shouldnt rely on the browser ever sending this header.

    is it not possible to just code the referer page into the url, so you dont have the hope the browser sends the header?

  3. #3
    SitePoint Wizard wheeler's Avatar
    Join Date
    Mar 2006
    Location
    Gold Coast, Australia
    Posts
    1,369
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    awesome the fruits of my labour have finally paid off (only took all arvo)

    On the page requiring login i used
    PHP Code:
    $page $_SERVER['PHP_SELF'];

    if(!isset(
    $_SESSION["LOGGED_IN"])) {
        
    $_SESSION["REDIRECT_AFTER_LOGIN"] = $page;
        
        
    Header("Location: user_login.php");
        exit;

    and on the user_login.php page....
    PHP Code:
    $URL $_SESSION["REDIRECT_AFTER_LOGIN"];
    unset(
    $_SESSION["REDIRECT_AFTER_LOGIN"]);

    Header("Location: $URL");
    exit; 
    Why does HTTP_REFERER suck so much anyway? Would it be wise to steer clear of it in the future?

    Also is PHP_SELF a good one to use? it seems to be the only one that ever works on my site.

    and finally, would someone be good enough to share what this actually is? $_SESSION["REDIRECT_AFTER_LOGIN"] even though i've used it i don't really know what it means... is it a cookie or something of the nature?

  4. #4
    SitePoint Guru
    Join Date
    Jul 2005
    Location
    Orlando
    Posts
    634
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by wheeler
    Why does HTTP_REFERER suck so much anyway? Would it be wise to steer clear of it in the future?

    Also is PHP_SELF a good one to use? it seems to be the only one that ever works on my site.

    and finally, would someone be good enough to share what this actually is? $_SESSION["REDIRECT_AFTER_LOGIN"] even though i've used it i don't really know what it means... is it a cookie or something of the nature?
    It sucks because you're depending on the client to send it to you. Some programs, I think Norton Security is one of them, disables the referer header from being sent. Some browsers/programs/people think they're a security risk. Yes, it'd be wise to avoid using them if you depend on it. If you're using it to get a bit more informaiton that's one thing -- but it's not reliable. For example, an e-commerce site I built uses it to track where they first got to our site from and store it in the database. Not depending on it, so if it's not there, no biggie.

    PHP_SELF is fine to use.

    $_SESSION is a variable that PHP keeps track of for you. Generally a session id is stored on the client in the form of a cookie, and PHP matches that id with a flat file on the server and pulls variable information from. It's a way of passing variables from one page to another. It'd be a very good thing to read up on if you intend to keep using PHP.

  5. #5
    SitePoint Wizard wheeler's Avatar
    Join Date
    Mar 2006
    Location
    Gold Coast, Australia
    Posts
    1,369
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    thanks for your help UFTimmy, i'm about to buy a learning php book, i have one already that is using php in dreamweaver, but i'd prefer a more pure php approach. can anyone suggest any good beginner books?

  6. #6
    Obey the Purebreed trib4lmaniac's Avatar
    Join Date
    Dec 2004
    Location
    Cornwall, UK
    Posts
    594
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by wheeler
    can anyone suggest any good beginner books?
    http://www.sitepoint.com/forums/show...+book+beginner


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •